I created a filter for fail2ban to mitigate WordPress brute-force attacks.

/etc/fail2ban/filter.d/wp-login.conf

Code:

    # Fail2Ban filter for Wordpress login attempts
    # ISPConfig log version (/var/log/apache2/other_vhosts_access.log)
    # Test with:
    # fail2ban-regex /var/log/apache2/other_vhosts_access.log /etc/fail2ban/filter.d/wp-login.conf /etc/fail2ban/filter.d/wp-login.conf
    #
    [Definition]
    failregex = ^.*:\d+\ <HOST>.*\"POST\ \/wp-login.php HTTP\/.*\"
    ignoreregex =

Tell fail2ban to use the filter with /etc/fail2ban/jail.d/wp-login.conf (you can change this name as you prefer).

Code:

    [wp-login]
    enabled = true
    filter = wp-login
    logpath = /var/log/apache2/other_vhosts_access.log
    maxretry = 3
    findtime = 180
    bantime = 600
    port = http,https

To remember:

findtime is the time within which the attempts should occur to be marked as brute forcing
bantime is the time to ban the IP
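Added example, not part of the original post: a Python check of which access-log lines the failregex above counts, and which IP a simplified model of the jail's maxretry/findtime settings would ban. The log lines are constructed, the `<HOST>` substitution is a simplified IPv4-only assumption, and `matched_hosts` and `would_ban` are hypothetical helper names.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# failregex from the filter above; <HOST> replaced by a simplified IPv4 group
# (assumption: fail2ban's own <HOST> expansion also covers IPv6 and hostnames).
FAILREGEX = r'^.*:\d+\ <HOST>.*\"POST\ \/wp-login.php HTTP\/.*\"'
PATTERN = re.compile(FAILREGEX.replace("<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"))
STAMP = re.compile(r"\[([^\]]+)\]")
MAXRETRY, FINDTIME = 3, 180  # values from the jail above

# Constructed sample lines in the vhost:port layout of other_vhosts_access.log.
SAMPLE = """\
example.com:443 203.0.113.7 - - [10/Mar/2024:10:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "curl/8.0"
example.com:443 203.0.113.7 - - [10/Mar/2024:10:00:40 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "curl/8.0"
example.com:443 198.51.100.9 - - [10/Mar/2024:10:00:50 +0000] "GET /wp-login.php HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
example.com:443 203.0.113.7 - - [10/Mar/2024:10:01:30 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "curl/8.0"
example.org:80 192.0.2.44 - - [10/Mar/2024:10:02:00 +0000] "POST /blog/wp-login.php HTTP/1.1" 200 4321 "-" "curl/8.0"
example.com:443 198.51.100.9 - - [10/Mar/2024:10:03:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
""".splitlines()

def matched_hosts(lines):
    """Return (timestamp, ip) for every line the failregex matches."""
    hits = []
    for line in lines:
        m = PATTERN.search(line)
        if m:
            ts = datetime.strptime(STAMP.search(line).group(1), "%d/%b/%Y:%H:%M:%S %z")
            hits.append((ts, m.group("host")))
    return hits

def would_ban(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Simplified model: ban an IP once maxretry matches fall within findtime seconds."""
    recent, banned = defaultdict(deque), []
    for ts, ip in matched_hosts(lines):
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry and ip not in banned:
            banned.append(ip)
    return banned

if __name__ == "__main__":
    print("matched:", [ip for _, ip in matched_hosts(SAMPLE)])
    print("banned: ", would_ban(SAMPLE))
```

The sample shows two properties of the regex: the POST to /blog/wp-login.php is not counted, so a WordPress installed in a subdirectory needs its own pattern, and the POST answered with 302 (a login that succeeded) is counted, because the filter matches every POST to /wp-login.php regardless of status.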